It seems like a new scam emerges every day, and they’re only getting more sophisticated. This latest one hits very close to home. WordPress powers approximately 26% of the internet, which means there are many people attempting to hack it. Given its market share, vulnerabilities are regularly found and patched by the WordPress team. You likely receive emails frequently, informing you that your website has been updated or needs an update. You probably ignore these emails for a while, too. However, this new scam arrives via email and looks extremely legitimate. I recently received it. The subject of the email was: “Important: Vulnerability found – Your website clikitnow(dot)com is at risk”
This email was personal (it included my domain name), well-formatted, and well-written (though an English teacher might catch a few grammar errors), and it included a strong call to action.
However, WordPress never asks you to download a plugin to receive a security fix. Security fixes are delivered the usual way – through WordPress updates (the same updates behind the emails I mentioned earlier, which you likely ignore for a little while).
Being in the WordPress business, I was curious. So, I opened a sandbox browser, copied the link, and navigated to the webpage. The webpage was an exact replica of the official WordPress site! I was in disbelief. (NOTE: DO NOT do this; leave it to WP security professionals like us).
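The safer version of what I did above is to look at where the email's links actually point without visiting them. The following is an added example, not part of the original post: it parses the HTML body of an email, pulls out every link, and flags any whose real destination is not an official WordPress domain, or whose visible text shows one domain while the href goes to another. The sample email body is constructed for illustration and the lookalike hostname in it is invented; the list of official hosts is an assumption you should adapt to your own environment.

```python
# Added example (not from the original post): inspect where the links in a
# suspicious "vulnerability found" email really point, instead of trusting
# the link text. Standard library only, so it runs offline.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that legitimately serve WordPress core, plugins and updates (assumption).
OFFICIAL_HOSTS = {"wordpress.org", "wordpress.com", "w.org"}

# Constructed sample email body; the lookalike host is invented and uses a
# reserved .example suffix so it can never resolve.
SAMPLE_EMAIL = """<p>Important: Vulnerability found - Your website example-site.invalid is at risk.</p>
<p>Download the patch plugin from
<a href="https://wordpress.org.patch-download.example/plugin.zip">https://wordpress.org/plugins/</a></p>
<p>Read the release notes at <a href="https://wordpress.org/news/">wordpress.org/news</a></p>"""


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:      # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def is_official(host):
    """True when host is an official WordPress domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)


def host_shown_in_text(text):
    """If the link text looks like a URL, return the host it displays, else None."""
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname


def classify_links(html):
    """Return (text, href, verdict) per link; verdict is 'ok' or the reason it is suspicious."""
    collector = LinkCollector()
    collector.feed(html)
    verdicts = []
    for text, href in collector.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        shown = host_shown_in_text(text)
        if parsed.scheme not in ("http", "https"):
            verdict = "non-web scheme"
        elif not is_official(host):
            verdict = f"links to unofficial host {host}"
        elif shown and shown != host:
            verdict = f"text shows {shown} but link goes to {host}"
        else:
            verdict = "ok"
        verdicts.append((text, href, verdict))
    return verdicts


if __name__ == "__main__":
    for text, href, verdict in classify_links(SAMPLE_EMAIL):
        print(f"[{verdict}] {text!r} -> {href}")
```

Run it against a saved `.eml` body and treat any verdict other than `ok` as a reason to delete the message; the hostname check deliberately matches the registrable domain and its subdomains only, so a lookalike that merely starts with `wordpress.org.` is still rejected.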
I did not go as far as downloading the plugin, but according to reports on Reddit, installing this plugin to “patch” your website creates an administrative user and reports back to the attackers that their account is in place. From there, they have full control of your site.
If you receive this email, as with all scams, simply delete it. Do not download the plugin, and do not panic. If you want to feel more secure, log into your WordPress website, make a backup, and run some updates to ensure you have the latest patches from the official sources.
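Because the plugin's payload is a new administrator account, one concrete check while you are logged in is to compare the site's administrators against the accounts you know should exist. The following is an added example, not part of the original post: it reads rows shaped like a query against the standard `wp_users` and `wp_usermeta` tables, decodes the PHP-serialized `wp_capabilities` value WordPress stores for each user, and reports any administrator that is not on your known-good list, marking recently registered ones. The rows and the known-good list are constructed for illustration; the `wp_` table prefix is the default and may differ on your install.

```python
# Added example (not from the original post): audit WordPress administrator
# accounts against a known-good list, to catch an admin user that a rogue
# "patch" plugin may have created. The rows are constructed to look like the
# result of this query on a default-prefix install:
#   SELECT u.ID, u.user_login, u.user_registered, m.meta_value
#   FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
#   WHERE m.meta_key = 'wp_capabilities';
import re
from datetime import datetime, timedelta

# Constructed sample rows: (ID, user_login, user_registered, wp_capabilities).
# WordPress stores roles as a PHP-serialized array, e.g. a:1:{s:13:"administrator";b:1;}
SAMPLE_ROWS = [
    (1, "siteowner", "2019-03-02 10:15:00", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "editor_jane", "2021-07-19 08:00:00", 'a:1:{s:6:"editor";b:1;}'),
    (3, "wp_support_update", "2024-05-30 03:41:17", 'a:1:{s:13:"administrator";b:1;}'),
]

# Accounts the site owner knows should hold the administrator role (assumption).
KNOWN_ADMINS = {"siteowner"}

# Matches each enabled role entry inside the serialized capabilities array.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def roles_from_capabilities(serialized):
    """Extract the enabled role names from a wp_capabilities value."""
    return set(ROLE_RE.findall(serialized))


def unexpected_admins(rows, known_admins, now=None, recent_days=30):
    """Return administrators not in known_admins, noting whether each was registered recently."""
    now = now or datetime.now()
    findings = []
    for user_id, login, registered, caps in rows:
        if "administrator" not in roles_from_capabilities(caps):
            continue
        if login in known_admins:
            continue
        created = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S")
        findings.append({
            "id": user_id,
            "login": login,
            "registered": registered,
            "recent": now - created <= timedelta(days=recent_days),
        })
    return findings


def audit_sample():
    """Run the audit over the constructed rows with a fixed reference date."""
    return unexpected_admins(SAMPLE_ROWS, KNOWN_ADMINS, now=datetime(2024, 6, 1))


if __name__ == "__main__":
    for finding in audit_sample():
        flag = " (registered within the last 30 days)" if finding["recent"] else ""
        print(f"unexpected administrator: {finding['login']} "
              f"(ID {finding['id']}, registered {finding['registered']}){flag}")
```

An unexpected administrator, especially a recently registered one, is a reason to restore from a backup taken before the plugin was installed and to rotate every credential the site holds; removing the account alone does not tell you what else the plugin changed.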